Overview

At Criterion Systems, we developed a different kind of business—a company whose real value is a reputation for excellence built upon the collective skills, talents, perspectives, and backgrounds of its people. By accepting a position with Criterion Systems, you will join a group of professionals with a collaborative mindset where we share ideas and foster professional development to accomplish our goals. In addition to our great culture, we also offer competitive compensation and benefit packages, company-sponsored team building events, and advancement opportunities.

Criterion Systems is a Military/Veteran Friendly Company therefore we encourage Veterans to apply.

• Support security in the system engineering process, supporting Risk Management Framework (RMF) task(s) in accordance with NIST Special Publication 800-37, and the DOD Risk Management Framework, including supporting security assessments and other audits requests, Information System Continuous Monitoring (ISCM), Contingency Planning, incident handling risk analysis and mitigation IT security baseline compliance and security (Role-based and Awareness) training, in accordance with supporting DOT policy and guidelines and NIST standards.
• The individual shall provide on-going recommendations for mitigation of all threats and risks affecting the MARAD environment
• The individual shall assist in the mitigation / remediation process, following corrective action plans approved by MARAD leadership i.e. Contracting Officer (CO), Contracting Officer’s Representative (COR), and/or Task Area COR.
• The individual shall provide support to continuous monitoring process, assessing and evaluating MARAD Information System inventory to detect vulnerabilities, identifying critical and high weakness via insecure application development techniques, cloud environments, networked enclaves, and provided remediation or corrective actions to improve the MARAD security posture.
• The individual shall provide support in tracking and ongoing evaluation of weakness, vulnerabilities in DOT’s Security Tool suite or other detection reports, issued corrective action plans, remediating addressing issues affecting the security posture of MARAD’s applications information system infrastructure.
• The individual shall maintain a current MARAD information system endpoint inventory that will include but is not limited to, all MARAD network ranges, assets, groups, and custom groups within the DOT’s Continuous Diagnostic and Mitigation (CDM) tool suite i.e. BigFix, Nessus and other. The individual shall evaluate endpoints migration to and from the operational environment to ensure inventory accuracy and security tool suites are installed in accordance with approved baseline.
• The individual shall provide cybersecurity expertise to support cybersecurity in the system engineering process formally known as the System’s Development Life Cycle (SDLC) including supporting processing for Security Assessment and Authorization (SA&A), and Information System Continuous Monitoring (ISCM).
• The individual shall support MARAD’s SDLC and DevSecOps implementation. Individual shall maintain architecture diagrams, process and standard operation procedures documentation, and the integration and management of static code vulnerability detection applications into the process. Individual shall evaluate applications including Websites with applicable tool suite(s) and techniques to provide recommendation and track approved remediation pertaining. h) The individual shall manage MARAD’s Information System’s core documentation, in accordance with each phase of the system engineering process / SDLC with standardized templates, baseline management with supporting checklists and technical guides, including but not limited to the DOT Security Authorization and Continuous Monitoring Guide, Weakness Guide and other DOT procedures.
• The individual shall assist the System Owner, Information Owner, and ISSM in recording all known security weaknesses of assigned information systems in the Plans of Action and Milestones (POA&M’s) in accordance with DOT policy, guides and procedures.

Required Experience, Education, Skills & Technologies

• US Citizenship and ability to obtain a public trust
• Must have at least 8 years total information system and network security experience.
• Must have at least 6 years of experience with the federal government creating and maintaining IT Authorization to Operate (ATO) packages and RMF documentation for operational systems and interfacing/coordinating with the System Owners (SO), Business Owners, System Maintainers, and Developers.
• Bachelor’s Degree in relevant field or 4 years of equivalent work experience in lieu of degree
• Have the ability to go onsite in DC 2 times a week.
• Experience in maritime/vessel cybersecurity. Specifically, an understanding of marine operations and IT methods, techniques, and practices sufficient to select, recognize, adapt, and apply shipboard principles and practices
• Understanding of IT governance and management in the federal sector
• Expert level knowledge of Federal Cybersecurity and Privacy Laws, Regulations, Policies, Procedures, and implementation standards
• Understanding of information assurance, cybersecurity, privacy policies disciplines, methodologies including but not limited to National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), NIST Cybersecurity Framework (CSF)
• Understand the Federal Government's deployment of Information Security Continuous Monitoring (ISCM), the Continuous Diagnostics and Mitigation (CDM) Program, organizational phases and technologies.
• Ensure the DOT enterprise information security management system, Cyber Security Assessment and Management (CSAM), accurately contains required information and supporting artifacts.
• Provide project support and coordination with functional teams to gather documentation and support draft responses for audits or evaluations.
• Understanding of Identity, Credential and Access Management (ICAM) implementation.
• Ability to work with customers to assess needs, provide assistance, resolve problems, satisfy expectations; knows products and services.
• Understanding of the principles, methods, or tools for developing, scheduling, coordinating, and managing projects and resources, including monitoring work, and performance.
• Understanding of the principles, methods, and tools of quality assurance and quality control used to ensure a product fulfills functional requirements and standards.
• Proficient in Microsoft Office products: Word, Excel, PowerPoint, Visio, Teams, Power BI, Tableau, and SharePoint.
• Experience with managing Federal contracts projects and must have the ability to communicate effectively both orally and in writing
• Equivalent of IAM Level III certification in accordance with DoD 8570.01M, such as CISSP or CISM or ability to obtain it within 6 months
• Experience with Operational Technology cybersecurity controls and principles
• Ability to perform risk assessment and risk management
• Understand domain structures, network protocols, user authentication, digital signatures, firewall and security best practices.
• Ability and expertise to provide guidance in the design of new application and database configurations and connectivity.
• Ability to administer cybersecurity systems and provide technical recommendation to maintain and improve mission functionality.
• Ability to plan, execute and develop report for application, network (internal or external) vulnerability analysis and provides technical recommendations to maintain and improve mission functionality.
• Understand the FISMA assessment and accreditation process.
• Understand the DOD Risk Management Framework and Reporting process.
• Understanding of the principles and methods to configure and /or administer:
• Network devices security devices such as network firewall, data loss prevention, network intrusion detection systems, and intrusion prevention systems.
• Operating Systems and systems services (Windows Server, Linux/ Unix, and Active Directory)
• Conduct dynamic web application security testing, both manual testing and utilizing application security tools to discover exploitable vulnerabilities.
• Vulnerability Application and database security assessment, scanning and results interpretation.

Additional Experience

• Must be comfortable communicating with system owners, business sponsors, and IT ops personnel to gather needed information to update system core ATO documentation.
• Experience developing privacy documentation such as PTAs, PCMs, and PIAs (desired)
• Must have the ability to multitask. Will be expected to work with developers and business owners to develop core documentation for a new system while working with the system owner and infrastructure/ops teams to update a system in production.
• Must have the ability to communicate effectively both orally and in writing.

Certifications:

• BS in Cybersecurity or related technical field
• Must possess the following verifiable and current Industry Certifications or be able to obtain certification within 6 months of hire date:
• Certified Information Systems Security Professional (CISSP) or similar type certification
• Desired certifications:
• ITILv3
• Project Management Professional (PMP) or Certified Information Systems Manager (CISM)

Clearance: Must possess or be able to obtain a DOT Public Trust clearance

• Benefits Offered
• Medical, Dental, Vision, Life Insurance, Short-Term Disability, Long-Term Disability, 401(k) match, Tuition/Training Assistance, Parental Leave, Paid Time Off, and Holidays.

Criterion Systems, LLC. and its subsidiaries are committed to equal employment opportunity and non-discrimination at all levels of our organization. We believe in treating all applicants and employees fairly and make employment decisions without regard to any individual’s protected status: race, ethnicity, color, national origin, ancestry, religion, creed, sex/gender, gender identity/gender expression, sexual orientation, physical and mental disability, marital/parental status, pregnancy (including childbirth, lactation, and related medical conditions), age, genetic information (including characteristics and testing), military and veteran status, or any other characteristic protected by law.

About the job

At Criterion Systems, we developed a different kind of business—a company whose real value is a reputation for excellence built upon the collective skills, talents, perspectives, and backgrounds of its people. By accepting a position with Criterion Systems, you will join a group of professionals with a collaborative mindset where we share ideas and foster professional development to accomplish our goals. In addition to our great culture, we also offer competitive compensation and benefit packages, company-sponsored team-building events, and advancement opportunities. Criterion Systems is a Military/Veteran Friendly Company therefore we encourage Veterans to apply.

We are seeking an Information Security Compliance and Assessment Specialist to join a U.S. Department of Energy, National Nuclear Security Administration contract in North Las Vegas, NV. In this role, you will serve as a Quality and Compliance Advisor on all matters involving the security of internal information systems. You will have the detailed knowledge and expertise required to provide management with the information and tools to ensure conformance to requirements and improve information assurance quality processes of the organization. You will identify and define areas of non-conformance to requirements and security policies and procedures through ongoing monitoring and assessments.

• Ensuring the implementation of DOE and NNSA cyber security policies and procedures for information systems
• Performing process and system evaluations (assessments) to ensure compliance with established policies, processes, procedures, and applicable standards
• Validating security control assessments results
• Performing a variety of technical and administrative activities related to the function of QA (auditing), including, but not limited to, scheduling, checklist development, report writing, facilitating root cause/lessons learned analysis, and internal/external presentations
• Compiling, analyzing, and reporting on findings of non-compliance and providing recommendations for improvement
• Capturing and maintaining plans of action and milestones on findings of non-compliance
• Tracking and escalating unresolved non-compliance issues and corrective and preventative action plans to closure
• Validating cyber security tests and assessments are conducted in accordance with established policies and procedures
• Formally and informally presents information in group and individual settings

Required Experience, Education, Skills & Technologies

• U.S. Citizenship (NO dual-citizenship)
• Bachelor’s Degree in a related field with appropriate background and knowledge of current industry technologies/standards for enterprise networks. Prior experience in information security/information assurance roles in may be substituted for education requirements (e.g., implementing and managing FISMA, FedRAMP, DoDI 8500.2, HIPAA, or PCI requirements)
• Five (5) years of related work experience
• Applicable certification or the ability to obtain it within 6 months; the Information Security Compliance and Assessment Specialist maps to the NICE Cybersecurity Workforce Framework role of Mission Assessment Specialist
• Experience with NIST SP 800-53, Risk Management Framework (RMF), and security assessment tools
• Demonstrated knowledge and/or experience with Operating System, Virtualization, and Networking technologies
• Must be able to demonstrate specialized experience applying the principles, practices, and techniques used by information systems security personnel
• Proficiency with Microsoft Office products (Word, Outlook, Excel, PowerPoint, and SharePoint)
• Must have strong attention to detail
• Effective verbal and written communication and presentation skills
• Strong planning, organizational, and time management skills
• Demonstrated initiative and ability to work independently, as well as strong interpersonal skills that foster the ability to work effectively on teams, communicate effectively

Preferred Qualifications

NA

Security Clearance Level

• Active Top Secret Clearance with the ability to obtain a Department of Energy (DOE) “Q” Clearance, or an active DOE "Q" clearance

Work Schedule

• Full-time on-site in North Las Vegas, NV, this is not a remote position

Benefits Offered

• Medical, Dental, Vision, Life Insurance, Short-Term Disability, Long-Term Disability, 401(k) match, Tuition/Training Assistance, Parental Leave, Paid Time Off, and Holidays.

Criterion Systems, LLC and its subsidiaries are committed to equal employment opportunity and non-discrimination at all levels of our organization. We believe in treating all applicants and employees fairly and make employment decisions without regard to any individual’s protected status race, ethnicity, color, national origin, ancestry, religion, creed, sex/gender, gender identity/gender expression, sexual orientation, physical and mental disability, marital/parental status, pregnancy (including childbirth, lactation, and related medical conditions), age, genetic information (including characteristics and testing), military and veteran status, or any other characteristic protected by law.

Overview

At Criterion Systems, we developed a different kind of business—a company whose real value is a reputation for excellence built upon the collective skills, talents, perspectives, and backgrounds of its people. By accepting a position with Criterion Systems, you will join a group of professionals with a collaborative mindset where we share ideas and foster professional development to accomplish our goals. In addition to our great culture, we also offer competitive compensation and benefit packages, company-sponsored team building events, and advancement opportunities. Criterion Systems is a Military/Veteran Friendly Company therefore we encourage Veterans to apply.

• Lead Cloud Security Monitoring Team:
• Lead the team in the continuous monitoring of cloud systems and applications, focusing on identifying security risks, vulnerabilities, and compliance issues.
• Ensure that all monitoring activities are proactive and align with industry best practices.
• Provide guidance and mentoring to junior team members
• Develop and deliver status reports and briefings
• Cloud System Administration:
• Support the management of software licenses, security certificates, and domain name registrations.
• Pro-actively track and address approaching expirations and potential security vulnerabilities.
• Monitor and manage the life-cycle of security certificates and domain registrations, ensuring all assets remain up-to-date and secure.
• Cloud Security Monitoring:
• Conduct ongoing monitoring of cloud systems and applications to ensure compliance with security policies and standards.
• Ensure that cloud-based services and applications adhere to established security frameworks and policies (agency-specific, industry standards, and vendor best practices).
• Regularly review compliance status and report findings.
• Remediation and Response:
• Assist in the identification and resolution of anomalies and suspicious activity, ensuring proper documentation and follow-up actions are taken to prevent future occurrences.
• Facilitate and coordinate remediation efforts with system owners.
• Briefings, Reports, and Documentation:
• Maintain up to date documentation and SOPs for security sustainment activities, including software license management, certificate management, and domain registration processes.
• Ensure that all procedures are clearly defined and accessible to relevant stakeholders.
• Support development of briefings and reports.

Required Qualifications

• Active DoD TS/SCI Clearance
• Bachelor’s degree in Engineering, Computer Science, or related field (or additional 4 years of experience in lieu of degree).
• DoD 8570 IAT III Certification or higher
• 10+ years of experience including significant experience in cloud system administration
• Strong understanding of security certificate management, software licensing, and domain registration processes.
• Familiarity with compliance standards such as FedRAMP, and experience in maintaining compliance in cloud environments
• Expertise using Microsoft Excel to analyze large amounts of data and develop reports
• Excellent written and verbal communication skills, with the ability to produce detailed reports and documentation.

Preferred Qualifications

• Experience supporting and/or participating in cloud application security assessments preferred

Security Clearance Level

• Minimum TS/SCI

Certification

• DoD 8570 IAT III Certification or higher (https://public.cyber.mil/cw/cwmp/dod-approved-8570-baseline-certifications)

Work Schedule

• Full-time hybrid, on-site 3 days/week

Pay Rate

• The projected compensation range for this position is $160,000 - $175,000. Please note that the salary information is a general guideline only. Criterion Systems considers factors such as (but not limited to) scope and responsibilities of the position, candidate's work experience, education/training, key skills as well as market and business considerations when extending an offer.

Benefits Offered

• Medical, Dental, Vision, Life Insurance, Short-Term Disability, Long-Term Disability, 401(k) match, Tuition/Training Assistance, Parental Leave, Paid Time Off, and Holidays.

Criterion Systems, LLC and its subsidiaries are committed to equal employment opportunity and non-discrimination at all levels of our organization. We believe in treating all applicants and employees fairly and make employment decisions without regard to any individual’s protected status: race, ethnicity, color, national origin, ancestry, religion, creed, sex/gender, gender identity/gender expression, sexual orientation, physical and mental disability, marital/parental status, pregnancy (including childbirth, lactation, and related medical conditions), age, genetic information (including characteristics and testing), military and veteran status, or any other characteristic protected by law.